Mobile Device Management Options

Mobile Device Management or MDM is a headache for all IT departments who allow mobile devices to connect and sync company information. The issues of protecting company data and information become even worse in today's "bring your own device" world, employees want the ability to use their own personal devices for both business and personal use. How does IT manage the balance between company security and end user efficiency? Many find the balance by utilizing an MDM tool.

Microsoft has moved into MDM space these past several years; early on with Exchange ActiveSync, later with the development of the InTune solution, and now with Office 365.

There are some key differences between how each service manages your mobile devices. They are outlined in the provided chart above, but we will also give more specifics below.

Exchange ActiveSync:

Exchange ActiveSync is a client protocol that lets you synchronize a mobile device with your Exchange mailbox. Exchange ActiveSync is enabled by default when you install Microsoft Exchange 2013. Basically, this technology only contains the most rudimentary of MDM policies. As shown above, IT has limited things that it can do including basic inventory, device lock, full device wipe, basic on/ off provisioning, and security pin requirements.

MDM for Office 365:

With Office 365, administrators will get the tools necessary to manage the corporate items, email and documents, across multiple platforms i.e. iOS and Android, for no additional cost!

Conditional Access:

Set up security policies to ensure that Office 365 corporate email and documents can be accessed only on phones and tablets that are managed by your company and that are compliant with your IT policies.

Device Management:

Set up and manage security policies, such as jailbreak detection, to help impede unauthorized users from accessing corporate email and data on a device if it is lost or stolen.

Selective Wipe:

Remove any Office 365 company data remotely from an employee’s device while leaving their personal data untouched.

Companies can provide employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure. Includes all of the following + all of the MDM for Office 365 capabilities.

Deploy your internal line-of-business apps and apps in public app stores to users.

Enable your workforce to securely access corporate information using the Office mobile apps they know and love, while preventing leakage of company data by restricting actions like copy, cut, paste, and save as, to only those apps managed by Intune.

Extend protection for company data to existing line-of-business apps by using the Intune App Wrapping Tool.

Manage devices from the cloud with no infrastructure required using Intune, or connect Intune to System Center 2012 Configuration Manager to manage all of your devices including PCs, Macs, Linux and UNIX servers, and mobile devices from a single management console.